# nextcloud_bare_metal_install_on_debian

## Baremetal install of Nextcloud on Debian

### Install packages

```bash
apt install -y \
  apache2 \
  bzip2 \
  exif \
  imagemagick \
  mariadb-server \
  redis-server \
  libapache2-mod-php \
  php-apcu \
  php-bcmath \
  php-bz2 \
  php-ctype \
  php-curl \
  php-dom \
  php-gd \
  php-gmp \
  php-imagick \
  php-intl \
  php-mbstring \
  php-mysql \
  php-posix \
  php-redis \
  php-xml \
  php-zip
```

### Configure MariaDB

Create the Nextcloud cnf file

```bash
nano /etc/mysql/conf.d/nextcloud.cnf
```

Insert

```ini
[mysqld]
transaction_isolation = READ-COMMITTED
binlog_format = ROW
```

Restart the mariadb service

```bash
systemctl restart mariadb
```

Check the settings above

```bash
mariadb
```

Enter the following

```sql
SELECT @@global.tx_isolation;
SELECT @@global.binlog_format;
```

Create the database

```sql
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'phaiNooc9oibu2shoopo2shah8kohH';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
exit;
```

Secure the mariadb installation

```bash
mysql_secure_installation
```

### Nextcloud installation

Download Nextcloud

```bash
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc
wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
wget https://nextcloud.com/nextcloud.asc
gpg --import nextcloud.asc
```

Verify the downloads. The MD5 check only detects a corrupted transfer; the GPG signature is what authenticates the archive.

```bash
md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
gpg --verify latest.tar.bz2.asc latest.tar.bz2
```

Move the files to the document root

```bash
tar -xjvf latest.tar.bz2
cp -prv nextcloud /var/www
chown -R www-data:www-data /var/www/nextcloud
```

Change the php settings

```bash
nano /etc/php/8.2/apache2/php.ini
```

Find the following settings and change them to

```ini
memory_limit = 1G
upload_max_filesize = 10G
post_max_size = 0
max_execution_time = 3600
date.timezone = America/Chicago
opcache.interned_strings_buffer=16
```

Restart apache2

```bash
systemctl restart apache2
```

Create a php file to verify the settings

```bash
nano /var/www/html/phpinfo.php
```

Add the following

```php
<?php phpinfo(); ?>
```

Go to `http://192.168.1.43/phpinfo.php` and verify.

Disable the default site and delete the html directory (this also removes `phpinfo.php`)

```bash
a2dissite 000-default.conf
systemctl restart apache2
rm -r /var/www/html
```

### Apache2

Create the data folder

```bash
mkdir /var/www/nextcloud/data
chown -R www-data:www-data /var/www/nextcloud/data
```

Configure apache2

```bash
nano /etc/apache2/sites-available/nextcloud.conf
```

Insert the following

```apache
<VirtualHost *:80>
  DocumentRoot /var/www/nextcloud/
  ServerName nextcloud.akanealw.com
  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>
```

Enable the site and mods

```bash
a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
```

Restart apache2

```bash
systemctl restart apache2
```

### Install Nextcloud

```bash
cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:install \
  --database='mysql' --database-name='nextcloud' \
  --database-user='nextcloud' --database-pass='phaiNooc9oibu2shoopo2shah8kohH' \
  --admin-user='admin' --admin-pass='iengil2nienoh9ieNg4ureo4vee2sh' \
  --data-dir='/var/www/nextcloud/data'
```

Edit the php config file

```bash
nano /var/www/nextcloud/config/config.php
```

Insert the following

```php
  'trusted_domains' =>
  array (
    0 => 'nextcloud.akanealw.com',
    1 => '192.168.1.43',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.1.4',
  ),
  'default_language' => 'en',
  'default_locale' => 'en_US',
  'default_phone_region' => 'US',
  'overwrite.cli.url' => 'https://nextcloud.akanealw.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'overwritecondaddr' => '192.168.1.4',
  'htaccess.RewriteBase' => '/',
```

Update the config

```bash
cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:update:htaccess
```

### Scheduling tasks

Set up the crontab

```bash
sudo crontab -u www-data -e
```

Insert the following

```text
*/5 * * * * php -f /var/www/nextcloud/cron.php
```

Update the settings

```bash
cd /var/www/nextcloud/
sudo -u www-data php /var/www/nextcloud/occ background:cron
```

### Caching

Check if OPcache is working

```bash
php -r 'phpinfo();' | grep opcache.enable
```

### Redis

Add www-data to the redis group

```bash
usermod -a -G redis www-data
```

Configure the redis server

```bash
nano /etc/redis/redis.conf
```

Uncomment the following and set `unixsocketperm` to 770

```conf
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
```

Restart redis

```bash
systemctl restart redis-server
```

Check that the socket was created

```bash
ls -lh /var/run/redis
```

Update the nextcloud php config file for redis

```bash
nano /var/www/nextcloud/config/config.php
```

Add

```php
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 1,
    'password' => '',
  ),
```

### APCu

Change the apcu settings

```bash
nano /etc/php/8.2/apache2/conf.d/20-apcu.ini
```

Change to

```ini
extension=apcu.so
apc.enabled=1
apc.enable_cli=1
```

Enable apcu

```bash
cd /var/www/nextcloud/
sudo -u www-data php --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:repair
```

Add the HSTS settings

```bash
nano /etc/apache2/sites-available/nextcloud.conf
```

Add the following inside the `VirtualHost` block

```apache
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
```

Restart apache2

```bash
systemctl restart apache2
```

Set the maintenance window

```bash
cd /var/www/nextcloud
sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1
```

Log in as admin, then set the email address for the admin user and the email settings in Basic Settings

```text
notify.akanealw@gmail.com
smtp.gmail.com 587
notify.akanealw@gmail.com
leawkqqpthbwacrf
```

#### Troubleshooting brute force lockout

```bash
mariadb
DELETE FROM nextcloud.oc_bruteforce_attempts;
exit;
```
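
Relating to the "Verify downloads" step, an added example that is not part of the original guide: `gpg --verify` exits 0 for a good signature made by any key in the keyring, so this check pins the signer's fingerprint and fails closed. The fingerprints and status lines are constructed placeholders, and `status_is_trusted` and `verify_release` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the original guide. Both fingerprints are
# CONSTRUCTED placeholders. Read the real one with
#   gpg --show-keys nextcloud.asc
# and confirm it against a second source before pinning it.
PINNED_FPR='0123456789ABCDEF0123456789ABCDEF01234567'
OTHER_FPR='FEDCBA9876543210FEDCBA9876543210FEDCBA98'

# Read `gpg --status-fd` lines on stdin. Succeed only when a VALIDSIG line
# ends with the pinned primary-key fingerprint and no failure status appears.
status_is_trusted() (
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    ok=1
    while IFS= read -r line; do
        case $line in
            '[GNUPG:] BADSIG '*|'[GNUPG:] ERRSIG '*|'[GNUPG:] EXPSIG '*) exit 1 ;;
            '[GNUPG:] EXPKEYSIG '*|'[GNUPG:] REVKEYSIG '*) exit 1 ;;
            '[GNUPG:] VALIDSIG '*)
                # The last VALIDSIG field is the primary key's fingerprint.
                [ "${line##* }" = "$want" ] && ok=0 ;;
        esac
    done
    exit "$ok"
)

# verify_release ARCHIVE SIGNATURE FINGERPRINT
# gpg's own exit code is ignored on purpose; the decision rests on the
# pinned VALIDSIG line. Intended use:
#   verify_release latest.tar.bz2 latest.tar.bz2.asc "$PINNED_FPR" \
#     && tar -xjf latest.tar.bz2
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_is_trusted "$3"
}

# Constructed status output: good signature made by the pinned key.
SAMPLE_PINNED="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $PINNED_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $PINNED_FPR"

# Constructed status output: an equally "good" signature from another key
# that happens to be in the keyring. gpg would exit 0 for this one too.
SAMPLE_OTHER="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Other Signer <other@example.invalid>
[GNUPG:] VALIDSIG $OTHER_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $OTHER_FPR"
```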